From 2b56e4844e94db1ddbf016ffb8c36e796f81a3a3 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Thu, 3 Dec 2015 11:16:20 -0800
Subject: [PATCH] Allow priv_apps to stat files on the system partition

Allows safetynet to scan the system partition which is made up of
files labeled system_file (already allowed) and/or files with the
exec_type attribute.

Bug: 25821333
Change-Id: I9c1c9c11bc568138aa115ba83238ce7475fbc5e4
---
 priv_app.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/priv_app.te b/priv_app.te
index a92b6eb1f..2ff9a37f3 100644
--- a/priv_app.te
+++ b/priv_app.te
@@ -60,6 +60,10 @@ userdebug_or_eng(`
   allow priv_app perfprofd_data_file:dir r_dir_perms;
 ')
 
+# Allow GMS core to stat files and executables on
+# the system partition
+allow priv_app exec_type:file getattr;
+
 ###
 ### neverallow rules
 ###
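Review bot: The comment above the added rule understates its scope: `allow priv_app exec_type:file getattr;` applies to every app in the priv_app domain, not only GMS core. It also matches on the exec_type attribute rather than on a path, so it may cover files carrying an exec_type label outside the system partition as well. The grant is narrow (getattr only, with no read, open or execute), and the comment should say so to discourage later widening. I would reword it to `# Allow priv_app (needed by SafetyNet in GMS core) to stat files of any exec_type type.` followed by `# getattr only: no read, open or execute.` The neverallow section starts at the end of the hunk and continues outside it, so whether an existing neverallow already constrains priv_app access to exec_type files cannot be checked from here.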
-- 
GitLab